Skip to content

Replace HaaLeo/publish-vscode-extension with inline publish steps#4231

Merged
zackverham merged 3 commits into
mainfrom
zackverham/inline-publish-vscode-extension
Jun 3, 2026
Merged

Replace HaaLeo/publish-vscode-extension with inline publish steps#4231
zackverham merged 3 commits into
mainfrom
zackverham/inline-publish-vscode-extension

Conversation

@zackverham

@zackverham zackverham commented Jun 3, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Removes the dependency on HaaLeo/publish-vscode-extension@v2 (a Node.js-based action with runtime version constraints)
  • Replaces it with inline bash steps that call @vscode/vsce and ovsx directly via npx
  • Auth is handled via environment variables (VSCE_PAT / OVSX_TOKEN) which is how both tools natively authenticate

Proves the viability of posit-dev/posit-gh-actions#2 - which would expose a common drop-in replacement GHA for the HaaLeo dependency.

The HaaLeo action is a Node.js-based action that introduces runtime
version dependencies. Replace it with inline bash steps that call
vsce/ovsx directly via npx, matching the approach we prototyped in
posit-gh-actions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@zackverham zackverham requested a review from a team as a code owner June 3, 2026 20:55
@posit-connect-projects

posit-connect-projects Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Claude finished @zackverham's task in 1m 37s —— View job


Code Review

  • Reading the changed workflow file
  • Analyzing the implementation
  • Providing code review feedback

Overall: Good approach to remove the third-party action dependency. The inline bash implementation is more transparent and gives you direct control over the tooling versions. However, there's one bug that needs to be fixed before merging.

Bug: Incorrect environment variable for Open VSX authentication

The ovsx CLI expects the token in an environment variable named OVSX_PAT, but the workflow sets OVSX_TOKEN:

# Line 74-75 - Current (incorrect)
env:
  OVSX_TOKEN: ${{ secrets.OPEN_VSX_TOKEN }}

From the ovsx documentation:

You can either pass the token via the --pat (or -p) argument, or put it into an environment variable named OVSX_PAT.

Fix: Rename the environment variable to OVSX_PAT:

env:
  OVSX_PAT: ${{ secrets.OPEN_VSX_TOKEN }}

Fix this →

What looks good

  1. Robust shell scripting - Using set -euo pipefail ensures the script fails fast on errors
  2. Defensive validation - Checking the extension file exists before publishing prevents confusing downstream errors
  3. Proper error annotations - Using ::error:: syntax provides clear visibility in the GitHub Actions UI
  4. Version pinning strategy - Pinning to major versions (@vscode/vsce@2, ovsx@0) balances stability with security patches
  5. VS Marketplace auth is correct - VSCE_PAT is the right environment variable name for @vscode/vsce

Nit (optional)

The EXTENSION_FILE variable could be removed and replaced with direct use of the step output:

run: |
  set -euo pipefail
  ext_file="${{ steps.get-extension-path.outputs.extension_path }}"
  if [[ ! -f "$ext_file" ]]; then
    echo "::error::extensionFile not found at: $ext_file"
    exit 1
  fi
  npx --yes @vscode/vsce@2 publish --packagePath "$ext_file" --skip-duplicate

This is purely stylistic - the current approach with env: is equally valid and perhaps more readable.


@zackverham

Copy link
Copy Markdown
Collaborator Author

@claude can you fix the issues you identified in code review above

@posit-connect-projects

posit-connect-projects Bot commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Claude finished @zackverham's task in 42s —— View job


Fixing code review issues

  • Read the current workflow file
  • Fix OVSX_TOKENOVSX_PAT environment variable
  • Commit and push the fix — blocked by permissions

I made the fix locally (renaming OVSX_TOKEN to OVSX_PAT on line 74 of .github/workflows/publish.yaml), but I'm unable to push it because the GitHub App doesn't have workflows permission to modify files in .github/workflows/.

You can apply this one-line fix manually:

--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -71,7 +71,7 @@ jobs:
 
       - name: Publish to Open VSX Registry
         env:
-          OVSX_TOKEN: ${{ secrets.OPEN_VSX_TOKEN }}
+          OVSX_PAT: ${{ secrets.OPEN_VSX_TOKEN }}
           EXTENSION_FILE: ${{ steps.get-extension-path.outputs.extension_path }}

The ovsx CLI authenticates via the OVSX_PAT environment variable — OVSX_TOKEN is not recognized, so publishing to Open VSX would silently fail or error without this fix.

The ovsx CLI reads credentials from OVSX_PAT, not OVSX_TOKEN.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Comment thread .github/workflows/publish.yaml Outdated
Comment thread .github/workflows/publish.yaml Outdated
echo "::error::extensionFile not found at: $EXTENSION_FILE"
exit 1
fi
npx --yes @vscode/vsce@2 publish --packagePath "$EXTENSION_FILE" --skip-duplicate

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we use @3? Not sure if the CLI has changed much.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done — bumped to @vscode/vsce@3 (latest is 3.9.1). The CLI interface is the same for our usage (publish --packagePath ... --skip-duplicate).

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(claude wrote this, but useful breadcrumb)

@dotNomad dotNomad left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, but I think we should investigate the version bumps

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@zackverham zackverham merged commit c1ae88e into main Jun 3, 2026
26 checks passed
@zackverham zackverham deleted the zackverham/inline-publish-vscode-extension branch June 3, 2026 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants